admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:44:27 +00:00
parent da65f348cd
commit 70f144152c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4231 additions and 4231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2001/0xxx/CVE-2001-0215.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0215", "ID": "CVE-2001-0215",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010212 ROADS search system \"show files\" Vulnerability with \"null bite\" bug", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html" "lang": "eng",
}, "value": "ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte."
{ }
"name" : "http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "roads-search-view-files(6097)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6097" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2371", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/2371" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html",
"refsource": "CONFIRM",
"url": "http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html"
},
{
"name": "2371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2371"
},
{
"name": "roads-search-view-files(6097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6097"
},
{
"name": "20010212 ROADS search system \"show files\" Vulnerability with \"null bite\" bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html"
}
]
}
} }

188
2001/0xxx/CVE-2001-0268.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0268", "ID": "CVE-2001-0268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CSSA-2001-SCO.35", "description_data": [
"refsource" : "CALDERA", {
"url" : "http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html" "lang": "eng",
}, "value": "The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address."
{ }
"name" : "NetBSD-SA:2001-002", ]
"refsource" : "NETBSD", },
"url" : "http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20010219 Re: your mail", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.", ]
"refsource" : "OPENBSD", }
"url" : "http://www.openbsd.org/errata.html#userldt" ]
}, },
{ "references": {
"name" : "VU#358960", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/358960" "name": "CSSA-2001-SCO.35",
}, "refsource": "CALDERA",
{ "url": "http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html"
"name" : "2739", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2739" "name": "NetBSD-SA:2001-002",
}, "refsource": "NETBSD",
{ "url": "http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html"
"name" : "6141", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6141" "name": "VU#358960",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/358960"
"name" : "user-ldt-validation(6222)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6222" "name": "user-ldt-validation(6222)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6222"
} },
{
"name": "2739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2739"
},
{
"name": "20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#userldt"
},
{
"name": "20010219 Re: your mail",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html"
},
{
"name": "6141",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6141"
}
]
}
} }

128
2001/0xxx/CVE-2001-0314.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0314", "ID": "CVE-2001-0314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010125 America Online 5.0 contains a buffer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=98053366805491&w=2" "lang": "eng",
}, "value": "Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link."
{ }
"name" : "aol-malformed-url-dos(6009)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6009" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aol-malformed-url-dos(6009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6009"
},
{
"name": "20010125 America Online 5.0 contains a buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98053366805491&w=2"
}
]
}
} }

118
2001/0xxx/CVE-2001-0619.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0619", "ID": "CVE-2001-0619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010402 Design Flaw in Lucent/Orinoco 802.11 proprietary access control- closed network", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0015.html" "lang": "eng",
} "value": "The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010402 Design Flaw in Lucent/Orinoco 802.11 proprietary access control- closed network",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0015.html"
}
]
}
} }

32
2001/0xxx/CVE-2001-0811.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2001-0811", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2001-0811",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none."
} }
] ]
} }
} }

158
2001/1xxx/CVE-2001-1116.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1116", "ID": "CVE-2001-1116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010802 Identix BioLogon Client security bug", "description_data": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71" "lang": "eng",
}, "value": "Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display."
{ }
"name" : "20010808 Response to Identix BioLogon Client security bug", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "identix-biologon-auth-bypass(6948)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6948" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3140", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3140" ]
}, },
{ "references": {
"name" : "5453", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5453" "name": "identix-biologon-auth-bypass(6948)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6948"
} },
{
"name": "20010802 Identix BioLogon Client security bug",
"refsource": "NTBUGTRAQ",
"url": "http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71"
},
{
"name": "5453",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5453"
},
{
"name": "3140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3140"
},
{
"name": "20010808 Response to Identix BioLogon Client security bug",
"refsource": "NTBUGTRAQ",
"url": "http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724"
}
]
}
} }

148
2001/1xxx/CVE-2001-1139.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1139", "ID": "CVE-2001-1139",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010822 [SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/209414" "lang": "eng",
}, "value": "Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request."
{ }
"name" : "http://www.tsc.ant.co.jp/products/download.htm", ]
"refsource" : "MISC", },
"url" : "http://www.tsc.ant.co.jp/products/download.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3219", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3219" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "winwrapper-dot-directory-traversal(7015)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7015.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "3219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3219"
},
{
"name": "winwrapper-dot-directory-traversal(7015)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7015.php"
},
{
"name": "20010822 [SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/209414"
},
{
"name": "http://www.tsc.ant.co.jp/products/download.htm",
"refsource": "MISC",
"url": "http://www.tsc.ant.co.jp/products/download.htm"
}
]
}
} }

128
2001/1xxx/CVE-2001-1149.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1149", "ID": "CVE-2001-1149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010821 RE: Bug report -- Incident number 240649", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://www.securityfocus.com/archive/82/209328" "lang": "eng",
}, "value": "Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file."
{ }
"name" : "5456", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/5456" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010821 RE: Bug report -- Incident number 240649",
"refsource": "VULN-DEV",
"url": "http://www.securityfocus.com/archive/82/209328"
},
{
"name": "5456",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5456"
}
]
}
} }

138
2001/1xxx/CVE-2001-1223.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1223", "ID": "CVE-2001-1223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011226 Phoenix Sistemi Security Advisory: ELSA Lancom 1100 Office Security Problems", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/247274" "lang": "eng",
}, "value": "The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server."
{ }
"name" : "3746", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3746" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "elsa-lancom-web-administration(7739)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7739.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20011226 Phoenix Sistemi Security Advisory: ELSA Lancom 1100 Office Security Problems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/247274"
},
{
"name": "elsa-lancom-web-administration(7739)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7739.php"
},
{
"name": "3746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3746"
}
]
}
} }

168
2006/2xxx/CVE-2006-2280.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2280", "ID": "CVE-2006-2280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060507 OpenEngine (PHP CMS)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/433229/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter."
{ }
"name" : "17871", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/17871" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1728", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1728" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25359", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25359" ]
}, },
{ "references": {
"name" : "20047", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20047" "name": "openengine-website-file-include(26345)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26345"
"name" : "openengine-website-file-include(26345)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26345" "name": "20047",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20047"
} },
{
"name": "ADV-2006-1728",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1728"
},
{
"name": "20060507 OpenEngine (PHP CMS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433229/100/0/threaded"
},
{
"name": "25359",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25359"
},
{
"name": "17871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17871"
}
]
}
} }

168
2006/2xxx/CVE-2006-2863.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2863", "ID": "CVE-2006-2863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060606 CS-Cart: request for information (fwd)", "description_data": [
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2006-June/000824.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter."
{ }
"name" : "1872", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/1872" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18263", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18263" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2125", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2125" ]
}, },
{ "references": {
"name" : "20440", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20440" "name": "ADV-2006-2125",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2125"
"name" : "cscart-classesdir-file-include(26911)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26911" "name": "20060606 CS-Cart: request for information (fwd)",
} "refsource": "VIM",
] "url": "http://www.attrition.org/pipermail/vim/2006-June/000824.html"
} },
{
"name": "cscart-classesdir-file-include(26911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26911"
},
{
"name": "18263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18263"
},
{
"name": "1872",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1872"
},
{
"name": "20440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20440"
}
]
}
} }

188
2008/5xxx/CVE-2008-5260.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-5260", "ID": "CVE-2008-5260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090123 Secunia Research: AXIS Camera Control \"image_pan_tilt\" Property Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500334/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control in AxisCamControl.ocx in AXIS Camera Control 2.40.0.0 allows remote attackers to execute arbitrary code via a long image_pan_tilt property value."
{ }
"name" : "http://secunia.com/secunia_research/2008-58/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2008-58/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33408", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33408" ]
}, },
{ "references": {
"name" : "ADV-2009-0228", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0228" "name": "http://secunia.com/secunia_research/2008-58/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2008-58/"
"name" : "51532", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/51532" "name": "cameracontrol-activex-bo(48176)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48176"
"name" : "33444", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33444" "name": "33408",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33408"
"name" : "cameracontrol-activex-bo(48176)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48176" "name": "51532",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/51532"
} },
{
"name": "33444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33444"
},
{
"name": "http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf",
"refsource": "CONFIRM",
"url": "http://www.axis.com/techsup/software/acc/files/acc_security_update_090119.pdf"
},
{
"name": "ADV-2009-0228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0228"
},
{
"name": "20090123 Secunia Research: AXIS Camera Control \"image_pan_tilt\" Property Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500334/100/0/threaded"
}
]
}
} }

548
2008/5xxx/CVE-2008-5353.json
View File

@ -1,277 +1,277 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5353", "ID": "CVE-2008-5353",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by \"deserializing Calendar objects\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090524 Hardening OSX against CVE-2008-5353", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/503797/100/0/threaded" "lang": "eng",
}, "value": "The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by \"deserializing Calendar objects\"."
{ }
"name" : "http://blog.cr0.org/2009/05/write-once-own-everyone.html", ]
"refsource" : "MISC", },
"url" : "http://blog.cr0.org/2009/05/write-once-own-everyone.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html", "description": [
"refsource" : "MISC", {
"url" : "http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" ]
}, },
{ "references": {
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" "name": "SSRT090049",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2"
"name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" "name": "SUSE-SA:2009:018",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html"
"name" : "GLSA-200911-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" "name": "34259",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34259"
"name" : "HPSBUX02411", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" "name": "ADV-2009-0672",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0672"
"name" : "SSRT080111", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" "name": "RHSA-2008:1018",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html"
"name" : "HPSBMA02486", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" "name": "33015",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33015"
"name" : "SSRT090049", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm"
"name" : "RHSA-2008:1018", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-1018.html" "name": "34889",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34889"
"name" : "RHSA-2008:1025", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-1025.html" "name": "34233",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34233"
"name" : "RHSA-2009:0015", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0015.html" "name": "1021313",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021313"
"name" : "RHSA-2009:0016", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0016.html" "name": "GLSA-200911-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name" : "RHSA-2009:0445", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0445.html" "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
"name" : "RHSA-2009:0466", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0466.html" "name": "http://blog.cr0.org/2009/05/write-once-own-everyone.html",
}, "refsource": "MISC",
{ "url": "http://blog.cr0.org/2009/05/write-once-own-everyone.html"
"name" : "244991", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1" "name": "SUSE-SA:2009:007",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html"
"name" : "SUSE-SA:2009:007", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" "name": "SSRT080111",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2"
"name" : "SUSE-SR:2009:006", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html" "name": "38539",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38539"
"name" : "SUSE-SA:2009:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" "name": "http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html",
}, "refsource": "MISC",
{ "url": "http://landonf.bikemonkey.org/code/macosx/CVE-2008-5353.20090519.html"
"name" : "SUSE-SR:2009:010", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" "name": "34972",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34972"
"name" : "TA08-340A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" "name": "RHSA-2009:0466",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-0466.html"
"name" : "32608", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32608" "name": "SUSE-SR:2009:006",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
"name" : "50500", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50500" "name": "35065",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35065"
"name" : "oval:org.mitre.oval:def:6511", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6511" "name": "33528",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33528"
"name" : "1021313", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021313" "name": "oval:org.mitre.oval:def:6511",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6511"
"name" : "34233", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34233" "name": "20090524 Hardening OSX against CVE-2008-5353",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/503797/100/0/threaded"
"name" : "34259", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34259" "name": "RHSA-2008:1025",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html"
"name" : "34605", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34605" "name": "HPSBMA02486",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2"
"name" : "34889", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34889" "name": "ADV-2008-3339",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/3339"
"name" : "35065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35065" "name": "HPSBUX02411",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2"
"name" : "34972", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34972" "name": "RHSA-2009:0445",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0445.html"
"name" : "35118", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35118" "name": "244991",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1"
"name" : "37386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37386" "name": "RHSA-2009:0016",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html"
"name" : "38539", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38539" "name": "TA08-340A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
"name" : "ADV-2008-3339", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3339" "name": "33709",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33709"
"name" : "32991", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32991" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid="
"name" : "33015", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33015" "name": "34605",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34605"
"name" : "33710", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33710" "name": "SUSE-SR:2009:010",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
"name" : "33709", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33709" "name": "RHSA-2009:0015",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0015.html"
"name" : "33528", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33528" "name": "35118",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35118"
"name" : "ADV-2009-0672", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0672" "name": "ADV-2009-1391",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1391"
"name" : "ADV-2009-1391", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1391" "name": "32991",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32991"
} },
{
"name": "50500",
"refsource": "OSVDB",
"url": "http://osvdb.org/50500"
},
{
"name": "32608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32608"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "33710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33710"
}
]
}
} }

158
2008/5xxx/CVE-2008-5817.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5817", "ID": "CVE-2008-5817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7602", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7602" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action."
{ }
"name" : "33028", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33028" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33337", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33337" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4860", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4860" ]
}, },
{ "references": {
"name" : "webclassifieds-index-sql-injection(47629)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47629" "name": "4860",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4860"
} },
{
"name": "webclassifieds-index-sql-injection(47629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47629"
},
{
"name": "33337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33337"
},
{
"name": "7602",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7602"
},
{
"name": "33028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33028"
}
]
}
} }

32
2011/2xxx/CVE-2011-2389.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2389", "ID": "CVE-2011-2389",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2011/2xxx/CVE-2011-2422.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2422", "ID": "CVE-2011-2422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-19.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-19.html" "lang": "eng",
}, "value": "Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "TA11-222A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-19.html"
}
]
}
} }

128
2011/2xxx/CVE-2011-2754.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2754", "ID": "CVE-2011-2754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21503959", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21503959" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "45106", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/45106" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45106"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21503959",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21503959"
}
]
}
} }

158
2011/2xxx/CVE-2011-2787.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2787", "ID": "CVE-2011-2787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=84805", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=84805" "lang": "eng",
}, "value": "Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "74237", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/74237" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14533", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14533" ]
}, },
{ "references": {
"name" : "google-chrome-gpu-dos(68949)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68949" "name": "oval:org.mitre.oval:def:14533",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14533"
} },
{
"name": "74237",
"refsource": "OSVDB",
"url": "http://osvdb.org/74237"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=84805",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=84805"
},
{
"name": "google-chrome-gpu-dos(68949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68949"
}
]
}
} }

158
2011/2xxx/CVE-2011-2837.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-2837", "ID": "CVE-2011-2837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=57908", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=57908" "lang": "eng",
}, "value": "Google Chrome before 14.0.835.163 on Linux does not use the PIC and PIE compiler options for position-independent code, which has unspecified impact and attack vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "75538", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/75538" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14139", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14139" ]
}, },
{ "references": {
"name" : "chrome-flags-unspecified(69864)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69864" "name": "75538",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/75538"
} },
{
"name": "chrome-flags-unspecified(69864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69864"
},
{
"name": "oval:org.mitre.oval:def:14139",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14139"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=57908",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=57908"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html"
}
]
}
} }

32
2011/3xxx/CVE-2011-3120.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-3120", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-3120",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

168
2011/3xxx/CVE-2011-3152.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3152", "ID": "CVE-2011-3152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548" "lang": "eng",
}, "value": "DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file."
{ }
"name" : "USN-1284-1", ]
"refsource" : "UBUNTU", },
"url" : "http://www.ubuntu.com/usn/USN-1284-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50833", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50833" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "77642", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/77642" ]
}, },
{ "references": {
"name" : "47024", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47024" "name": "ubuntu-update-gpg-sec-bypass(71494)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494"
"name" : "ubuntu-update-gpg-sec-bypass(71494)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494" "name": "USN-1284-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1284-1"
} },
{
"name": "77642",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77642"
},
{
"name": "50833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50833"
},
{
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548"
},
{
"name": "47024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47024"
}
]
}
} }

32
2011/3xxx/CVE-2011-3461.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3461", "ID": "CVE-2011-3461",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2011/3xxx/CVE-2011-3654.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3654", "ID": "CVE-2011-3654",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html" "lang": "eng",
}, "value": "The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=694953", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=694953" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:13830", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13830" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49055", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49055" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=694953",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=694953"
},
{
"name": "oval:org.mitre.oval:def:13830",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13830"
},
{
"name": "49055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49055"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-48.html"
}
]
}
} }

32
2011/3xxx/CVE-2011-3840.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3840", "ID": "CVE-2011-3840",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2011/4xxx/CVE-2011-4874.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2011-4874", "ID": "CVE-2011-4874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf" "lang": "eng",
}, "value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
{ }
"name" : "http://www.promotic.eu/en/pmdoc/News.htm#ver80107", ]
"refsource" : "CONFIRM", },
"url" : "http://www.promotic.eu/en/pmdoc/News.htm#ver80107" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52988", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52988" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "promotic-project-file-code-exec(74846)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52988"
}
]
}
} }

698
2013/0xxx/CVE-2013-0169.json
View File

@ -1,352 +1,352 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0169", "ID": "CVE-2013-0169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2013/02/05/24" "lang": "eng",
}, "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
{ }
"name" : "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", ]
"refsource" : "MISC", }
"url" : "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/" ]
}, },
{ "references": {
"name" : "http://www.matrixssl.org/news.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.matrixssl.org/news.html" "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
"name" : "http://www.openssl.org/news/secadv_20130204.txt", },
"refsource" : "CONFIRM", {
"url" : "http://www.openssl.org/news/secadv_20130204.txt" "name": "http://www.matrixssl.org/news.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.matrixssl.org/news.html"
"name" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", },
"refsource" : "CONFIRM", {
"url" : "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released" "name": "RHSA-2013:0587",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644047" "name": "FEDORA-2013-4403",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
"name" : "http://support.apple.com/kb/HT5880", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5880" "name": "TA13-051A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
"name" : "http://www.splunk.com/view/SP-CAAAHXG", },
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAHXG" "name": "oval:org.mitre.oval:def:19016",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", },
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084" "name": "MDVSA-2013:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
"name" : "https://puppet.com/security/cve/cve-2013-0169", },
"refsource" : "CONFIRM", {
"url" : "https://puppet.com/security/cve/cve-2013-0169" "name": "55139",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55139"
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", },
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001" "name": "55322",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55322"
"name" : "APPLE-SA-2013-09-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" "name": "oval:org.mitre.oval:def:19608",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
"name" : "DSA-2621", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2621" "name": "http://www.openssl.org/news/secadv_20130204.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.openssl.org/news/secadv_20130204.txt"
"name" : "DSA-2622", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2622" "name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/",
}, "refsource": "MISC",
{ "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
"name" : "FEDORA-2013-4403", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
}, "refsource": "MISC",
{ "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
"name" : "HPSBUX02856", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136396549913849&w=2" "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
"name" : "SSRT101104", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136396549913849&w=2" "name": "openSUSE-SU-2013:0378",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
"name" : "HPSBMU02874", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "DSA-2622",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2622"
"name" : "HPSBUX02857", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "57778",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57778"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
"name" : "HPSBUX02909", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545771702053&w=2" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "SSRT101289", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545771702053&w=2" "name": "55351",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55351"
"name" : "HPSBOV02852", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136432043316835&w=2" "name": "HPSBUX02856",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"
"name" : "SSRT101108", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136432043316835&w=2" "name": "https://puppet.com/security/cve/cve-2013-0169",
}, "refsource": "CONFIRM",
{ "url": "https://puppet.com/security/cve/cve-2013-0169"
"name" : "MDVSA-2013:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" "name": "SSRT101289",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"
"name" : "RHSA-2013:0587", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0587.html" "name": "openSUSE-SU-2016:0640",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
"name" : "RHSA-2013:0782", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0782.html" "name": "SSRT101108",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"
"name" : "RHSA-2013:0783", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0783.html" "name": "SUSE-SU-2013:0328",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "RHSA-2013:0833",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "USN-1735-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1735-1"
"name" : "RHSA-2013:0833", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0833.html" "name": "SUSE-SU-2014:0320",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
"name" : "SUSE-SU-2013:0328", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "openSUSE-SU-2013:0375", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"
"name" : "openSUSE-SU-2013:0378", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html" "name": "53623",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/53623"
"name" : "SUSE-SU-2013:0701", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html" "name": "SUSE-SU-2013:0701",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
"name" : "SUSE-SU-2014:0320", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" "name": "VU#737740",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/737740"
"name" : "SUSE-SU-2015:0578", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html" "name": "oval:org.mitre.oval:def:19424",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
"name" : "openSUSE-SU-2016:0640", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" "name": "HPSBUX02909",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"
"name" : "USN-1735-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1735-1" "name": "DSA-2621",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2621"
"name" : "TA13-051A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-051A.html" "name": "RHSA-2013:0783",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
"name" : "VU#737740", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/737740" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "57778", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57778" "name": "APPLE-SA-2013-09-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
"name" : "oval:org.mitre.oval:def:19016", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016" "name": "55108",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55108"
"name" : "oval:org.mitre.oval:def:18841", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841" "name": "RHSA-2013:0782",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
"name" : "oval:org.mitre.oval:def:19424", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424" "name": "HPSBOV02852",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"
"name" : "oval:org.mitre.oval:def:19540", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "oval:org.mitre.oval:def:19608", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608" "name": "SSRT101104",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"
"name" : "1029190", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029190" "name": "SUSE-SU-2015:0578",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
"name" : "55108", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55108" "name": "openSUSE-SU-2013:0375",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
"name" : "55139", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55139" "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
}, "refsource": "CONFIRM",
{ "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
"name" : "55322", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55322" "name": "oval:org.mitre.oval:def:19540",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
"name" : "55351", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55351" "name": "1029190",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029190"
"name" : "55350", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55350" "name": "oval:org.mitre.oval:def:18841",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
"name" : "53623", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53623" "name": "http://www.splunk.com/view/SP-CAAAHXG",
} "refsource": "CONFIRM",
] "url": "http://www.splunk.com/view/SP-CAAAHXG"
} },
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
}
]
}
} }

138
2013/0xxx/CVE-2013-0911.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0911", "ID": "CVE-2013-0911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in Google Chrome before 25.0.1364.152 allows remote attackers to have an unspecified impact via vectors related to databases."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=172264", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=172264" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16377", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16377" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=172264",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=172264"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html"
},
{
"name": "oval:org.mitre.oval:def:16377",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16377"
}
]
}
} }

118
2013/0xxx/CVE-2013-0976.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-0976", "ID": "CVE-2013-0976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2013-03-14-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" "lang": "eng",
} "value": "IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
}
]
}
} }

32
2013/1xxx/CVE-2013-1459.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1459", "ID": "CVE-2013-1459",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

278
2013/1xxx/CVE-2013-1473.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-1473", "ID": "CVE-2013-1473",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment."
{ }
"name" : "HPSBUX02864", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT101156", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMU02874", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" ]
}, },
{ "references": {
"name" : "HPSBUX02857", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "SSRT101156",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "TA13-032A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "oval:org.mitre.oval:def:19121",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19121"
"name" : "RHSA-2013:0236", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" "name": "RHSA-2013:0236",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
"name" : "RHSA-2013:0237", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "VU#858729",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/858729"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "RHSA-2013:0237",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
"name" : "TA13-032A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "VU#858729", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/858729" "name": "oval:org.mitre.oval:def:19271",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19271"
"name" : "57731", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57731" "name": "oval:org.mitre.oval:def:16074",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16074"
"name" : "oval:org.mitre.oval:def:16074", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16074" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "oval:org.mitre.oval:def:19121", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19121" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "oval:org.mitre.oval:def:19271", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19271" "name": "57731",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/57731"
} },
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "HPSBUX02864",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
}
]
}
} }

188
2013/1xxx/CVE-2013-1922.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1922", "ID": "CVE-2013-1922",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130415 Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/04/15/3" "lang": "eng",
}, "value": "qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004."
{ }
"name" : "[oss-security] 20130416 CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/04/16/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2013-6211", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2013-6185", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html" ]
}, },
{ "references": {
"name" : "FEDORA-2013-6221", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html" "name": "FEDORA-2013-6221",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html"
"name" : "GLSA-201309-24", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" "name": "55082",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55082"
"name" : "1028426", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028426" "name": "FEDORA-2013-6185",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html"
"name" : "55082", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55082" "name": "GLSA-201309-24",
} "refsource": "GENTOO",
] "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
} },
{
"name": "FEDORA-2013-6211",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html"
},
{
"name": "[oss-security] 20130416 CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/16/2"
},
{
"name": "1028426",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028426"
},
{
"name": "[oss-security] 20130415 Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/15/3"
}
]
}
} }

218
2013/1xxx/CVE-2013-1993.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1993", "ID": "CVE-2013-1993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" "lang": "eng",
}, "value": "Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions."
{ }
"name" : "[Mesa-dev] 20130523 [PATCH:mesa 1/2] integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]", ]
"refsource" : "MLIST", },
"url" : "http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[Mesa-dev] 20130523 [PATCH:mesa 2/2] integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", ]
"refsource" : "CONFIRM", }
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" ]
}, },
{ "references": {
"name" : "http://advisories.mageia.org/MGASA-2013-0190.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2013-0190.html" "name": "[Mesa-dev] 20130523 [PATCH:mesa 1/2] integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]",
}, "refsource": "MLIST",
{ "url": "http://lists.freedesktop.org/archives/mesa-dev/2013-May/039720.html"
"name" : "DSA-2678", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2678" "name": "http://advisories.mageia.org/MGASA-2013-0190.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2013-0190.html"
"name" : "MDVSA-2013:181", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:181" "name": "DSA-2678",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2678"
"name" : "RHSA-2013:0898", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0898.html" "name": "openSUSE-SU-2013:0865",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html"
"name" : "RHSA-2013:0897", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0897.html" "name": "USN-1888-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1888-1"
"name" : "openSUSE-SU-2013:0865", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00007.html" "name": "MDVSA-2013:181",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:181"
"name" : "USN-1888-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1888-1" "name": "RHSA-2013:0898",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0898.html"
} },
{
"name": "RHSA-2013:0897",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0897.html"
},
{
"name": "[Mesa-dev] 20130523 [PATCH:mesa 2/2] integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/mesa-dev/2013-May/039722.html"
},
{
"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
}
]
}
} }

32
2013/5xxx/CVE-2013-5027.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5027", "ID": "CVE-2013-5027",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2013/5xxx/CVE-2013-5160.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5160", "ID": "CVE-2013-5160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5957", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5957" "lang": "eng",
}, "value": "Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference."
{ }
"name" : "APPLE-SA-2013-09-26-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5957",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5957"
},
{
"name": "APPLE-SA-2013-09-26-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html"
}
]
}
} }

32
2013/5xxx/CVE-2013-5207.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5207", "ID": "CVE-2013-5207",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2013/5xxx/CVE-2013-5349.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2013-5349", "ID": "CVE-2013-5349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2013-14/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2013-14/" "lang": "eng",
}, "value": "Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size."
{ }
"name" : "https://support.google.com/picasa/answer/53209", ]
"refsource" : "CONFIRM", },
"url" : "https://support.google.com/picasa/answer/53209" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1029527", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029527" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "55555", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/55555" ]
} },
] "references": {
} "reference_data": [
{
"name": "55555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55555"
},
{
"name": "http://secunia.com/secunia_research/2013-14/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2013-14/"
},
{
"name": "1029527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029527"
},
{
"name": "https://support.google.com/picasa/answer/53209",
"refsource": "CONFIRM",
"url": "https://support.google.com/picasa/answer/53209"
}
]
}
} }

128
2013/5xxx/CVE-2013-5702.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5702", "ID": "CVE-2013-5702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters."
{ }
"name" : "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/", ]
"refsource" : "CONFIRM", },
"url" : "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/",
"refsource": "CONFIRM",
"url": "http://watchguardsecuritycenter.com/2013/10/17/xtm-11-8-secfixes/"
},
{
"name": "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/",
"refsource": "CONFIRM",
"url": "http://watchguardsecuritycenter.com/2013/10/17/watchguard-dimension-and-fireware-xtm-11-8/"
}
]
}
} }

178
2013/5xxx/CVE-2013-5854.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5854", "ID": "CVE-2013-5854",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors."
{ }
"name" : "HPSBUX02944", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1440", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "63079", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/63079" ]
}, },
{ "references": {
"name" : "98570", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/98570" "name": "RHSA-2013:1440",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"
"name" : "oval:org.mitre.oval:def:19187", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19187" "name": "98570",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/98570"
"name" : "oracle-cpuoct2013-cve20135854(88009)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88009" "name": "HPSBUX02944",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2"
} },
{
"name": "oval:org.mitre.oval:def:19187",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19187"
},
{
"name": "oracle-cpuoct2013-cve20135854(88009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88009"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "63079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63079"
}
]
}
} }

128
2014/2xxx/CVE-2014-2252.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2252", "ID": "CVE-2014-2252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" "lang": "eng",
}, "value": "Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253."
{ }
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02"
}
]
}
} }

148
2017/0xxx/CVE-2017-0160.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0160", "ID": "CVE-2017-0160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : ".NET Framework", "product_name": ".NET Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : ".NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7" "version_value": ".NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka \".NET Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41903", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41903/" "lang": "eng",
}, "value": "Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka \".NET Remote Code Execution Vulnerability.\""
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97447", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97447" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1038236", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038236" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160"
},
{
"name": "97447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97447"
},
{
"name": "41903",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41903/"
},
{
"name": "1038236",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038236"
}
]
}
} }

150
2017/0xxx/CVE-2017-0368.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"DATE_PUBLIC" : "2017-04-06T20:49:00.000Z", "DATE_PUBLIC": "2017-04-06T20:49:00.000Z",
"ID" : "CVE-2017-0368", "ID": "CVE-2017-0368",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Make rawHTML mode not apply to system messages" "TITLE": "Make rawHTML mode not apply to system messages"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "mediawiki", "product_name": "mediawiki",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "mediawiki" "vendor_name": "mediawiki"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "missing sanitization"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html" "lang": "eng",
}, "value": "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages."
{ }
"name" : "https://phabricator.wikimedia.org/T156184", ]
"refsource" : "CONFIRM", },
"url" : "https://phabricator.wikimedia.org/T156184" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-0368", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-0368" "lang": "eng",
} "value": "missing sanitization"
] }
}, ]
"source" : { }
"advisory" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", ]
"discovery" : "UNKNOWN" },
} "references": {
"reference_data": [
{
"name": "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html"
},
{
"name": "https://phabricator.wikimedia.org/T156184",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T156184"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0368",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0368"
}
]
},
"source": {
"advisory": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html",
"discovery": "UNKNOWN"
}
} }

142
2017/0xxx/CVE-2017-0753.json
View File

@ -1,74 +1,74 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00", "DATE_PUBLIC": "2017-09-05T00:00:00",
"ID" : "CVE-2017-0753", "ID": "CVE-2017-0753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-09-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-09-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744."
{ }
"name" : "100650", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100650" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100650"
}
]
}
} }

122
2017/1000xxx/CVE-2017-1000206.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.435323", "DATE_ASSIGNED": "2017-08-22T17:29:33.435323",
"ID" : "CVE-2017-1000206", "ID": "CVE-2017-1000206",
"REQUESTER" : "mp15@sanger.ac.uk", "REQUESTER": "mp15@sanger.ac.uk",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "htslib", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.4.0 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "samtools" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/samtools/htslib/blob/1.4.1/NEWS", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/samtools/htslib/blob/1.4.1/NEWS" "lang": "eng",
} "value": "samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution"
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/samtools/htslib/blob/1.4.1/NEWS",
"refsource": "CONFIRM",
"url": "https://github.com/samtools/htslib/blob/1.4.1/NEWS"
}
]
}
} }

150
2017/12xxx/CVE-2017-12122.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-03-01T00:00:00", "DATE_PUBLIC": "2018-03-01T00:00:00",
"ID" : "CVE-2017-12122", "ID": "CVE-2017-12122",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Simple DirectMedia Layer", "product_name": "Simple DirectMedia Layer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SDL2_image 2.0.2" "version_value": "SDL2_image 2.0.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Sam Lantinga and Mattias Engdegård" "vendor_name": "Sam Lantinga and Mattias Engdeg\u00e5rd"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html" "lang": "eng",
}, "value": "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability."
{ }
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488", ]
"refsource" : "MISC", },
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4177", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4177" "lang": "eng",
}, "value": "remote code execution"
{ }
"name" : "DSA-4184", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4184" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488"
},
{
"name": "DSA-4177",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4177"
},
{
"name": "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html"
},
{
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
}
]
}
} }

208
2017/12xxx/CVE-2017-12154.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-12154", "ID": "CVE-2017-12154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux kernel through 4.13.3", "product_name": "Linux kernel through 4.13.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Linux kernel through 4.13.3" "version_value": "Linux kernel through 4.13.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "incorrect access control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f" "lang": "eng",
}, "value": "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1491224", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1491224" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f" "lang": "eng",
}, "value": "incorrect access control"
{ }
"name" : "https://www.spinics.net/lists/kvm/msg155414.html", ]
"refsource" : "CONFIRM", }
"url" : "https://www.spinics.net/lists/kvm/msg155414.html" ]
}, },
{ "references": {
"name" : "DSA-3981", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3981" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51aa68e7d57e3217192d88ce90fd5b8ef29ec94f"
"name" : "RHSA-2018:0676", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0676" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1491224"
"name" : "RHSA-2018:1062", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1062" "name": "RHSA-2018:1062",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1062"
"name" : "USN-3698-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3698-2/" "name": "100856",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/100856"
"name" : "USN-3698-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3698-1/" "name": "DSA-3981",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3981"
"name" : "100856", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100856" "name": "https://www.spinics.net/lists/kvm/msg155414.html",
} "refsource": "CONFIRM",
] "url": "https://www.spinics.net/lists/kvm/msg155414.html"
} },
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "USN-3698-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f"
},
{
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
}
]
}
} }

138
2017/12xxx/CVE-2017-12367.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12367", "ID": "CVE-2017-12367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco WebEx Recording Format and Advanced Recording Format Players", "product_name": "Cisco WebEx Recording Format and Advanced Recording Format Players",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco WebEx Recording Format and Advanced Recording Format Players" "version_value": "Cisco WebEx Recording Format and Advanced Recording Format Players"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A \"Cisco WebEx Network Recording Player Denial of Service Vulnerability\" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players" "lang": "eng",
}, "value": "A \"Cisco WebEx Network Recording Player Denial of Service Vulnerability\" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548."
{ }
"name" : "102017", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102017" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039895", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039895" "lang": "eng",
} "value": "CWE-119"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "102017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102017"
},
{
"name": "1039895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039895"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players"
}
]
}
} }

118
2017/12xxx/CVE-2017-12930.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12930", "ID": "CVE-2017-12930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html" "lang": "eng",
} "value": "SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/144257/DlxSpot-SQL-Injection.html"
}
]
}
} }

130
2017/16xxx/CVE-2017-16043.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16043", "ID": "CVE-2017-16043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "shout node module", "product_name": "shout node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : ">=0.44.0 <=0.49.3" "version_value": ">=0.44.0 <=0.49.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/erming/shout/pull/344", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/erming/shout/pull/344" "lang": "eng",
}, "value": "Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3."
{ }
"name" : "https://nodesecurity.io/advisories/322", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/322" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/erming/shout/pull/344",
"refsource": "MISC",
"url": "https://github.com/erming/shout/pull/344"
},
{
"name": "https://nodesecurity.io/advisories/322",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/322"
}
]
}
} }

32
2017/16xxx/CVE-2017-16336.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16336", "ID": "CVE-2017-16336",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2017/16xxx/CVE-2017-16803.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16803", "ID": "CVE-2017-16803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1098", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1098" "lang": "eng",
}, "value": "In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream."
{ }
"name" : "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4119", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4119" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201811-19", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201811-19" ]
}, },
{ "references": {
"name" : "101882", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101882" "name": "DSA-4119",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4119"
} },
{
"name": "GLSA-201811-19",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-19"
},
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1098",
"refsource": "CONFIRM",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1098"
},
{
"name": "101882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101882"
},
{
"name": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f",
"refsource": "CONFIRM",
"url": "https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f"
}
]
}
} }

128
2017/16xxx/CVE-2017-16841.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16841", "ID": "CVE-2017-16841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43149", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43149/" "lang": "eng",
}, "value": "LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx."
{ }
"name" : "https://www.linkedin.com/pulse/lansweeper-bug-miguel-angel-mendez-oscp", ]
"refsource" : "MISC", },
"url" : "https://www.linkedin.com/pulse/lansweeper-bug-miguel-angel-mendez-oscp" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43149",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43149/"
},
{
"name": "https://www.linkedin.com/pulse/lansweeper-bug-miguel-angel-mendez-oscp",
"refsource": "MISC",
"url": "https://www.linkedin.com/pulse/lansweeper-bug-miguel-angel-mendez-oscp"
}
]
}
} }

32
2017/4xxx/CVE-2017-4056.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4056", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4056",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4288.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4288", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4288",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4435.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4435", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4435",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

160
2018/18xxx/CVE-2018-18346.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-18346", "ID": "CVE-2018-18346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "71.0.3578.80" "version_value": "71.0.3578.80"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/606104", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/606104" "lang": "eng",
}, "value": "Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page."
{ }
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4352", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4352" "lang": "eng",
}, "value": "Incorrect security UI"
{ }
"name" : "RHSA-2018:3803", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3803" ]
}, },
{ "references": {
"name" : "106084", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106084" "name": "https://crbug.com/606104",
} "refsource": "MISC",
] "url": "https://crbug.com/606104"
} },
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
}
]
}
} }

118
2018/5xxx/CVE-2018-5088.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5088", "ID": "CVE-2018-5088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300211C", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300211C" "lang": "eng",
} "value": "In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300211C",
"refsource": "MISC",
"url": "https://github.com/rubyfly/K7AntiVirus_POC/tree/master/0x8300211C"
}
]
}
} }

32
2018/5xxx/CVE-2018-5171.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5171", "ID": "CVE-2018-5171",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/5xxx/CVE-2018-5314.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5314", "ID": "CVE-2018-5314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.citrix.com/article/CTX232199", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.citrix.com/article/CTX232199" "lang": "eng",
}, "value": "Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt."
{ }
"name" : "103186", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103186" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040439", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040439" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1040439",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040439"
},
{
"name": "https://support.citrix.com/article/CTX232199",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX232199"
},
{
"name": "103186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103186"
}
]
}
} }

32
2018/5xxx/CVE-2018-5603.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5603", "ID": "CVE-2018-5603",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/5xxx/CVE-2018-5796.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5796", "ID": "CVE-2018-5796",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003" "lang": "eng",
} "value": "An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Hidden Root Shell by entering the administrator password in conjunction with the 'service start-shell' CLI command."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003",
"refsource": "CONFIRM",
"url": "https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003"
}
]
}
} }